| Age | Commit message (Collapse) | Author |
|---|
|
I am moving DNS provider from deSEC to Mythic Beasts. As part of this change, I
need to use Mythic Beast's DNS API [1] in the playbook.
I want to reduce the number of operations that are made by grouping several
records together. To do this, I can use the "Identifying records to replace"
method from their DNS tutorial. [2] This provides a way to specify which
records should be replaced by the new records that you PUT onto the endpoint.
To use this, you specify the records via a url-encoded series of select
queries. Then, you can combine them into a disjunction of conjunctions like so:
?select=type%3DA%26host%3Dchat&select=type%3DAAAA
This gets split into two separate queries which are then decoded into:
type=A&host=chat
type=AAAA
Then, these records are replaced by whichever records are specified in the PUT
request.
It's painful to write these by hand, so write a script to generate them
automatically. Then, they should be pasted into the playbook when the desired
records update. If this happens often, we should make the playbook call the
script to get the values directly.
As an additional benefit, the script definitively states which records are
"owned" by the playbook. This is because the records specified in the script
are the ones that will be replaced each time the playbook is run.
Finally, since we've now added python to the playbook for the first time, add
the black linter to keep the code style in check.
[1] https://www.mythic-beasts.com/support/api/dnsv2
[2] https://www.mythic-beasts.com/support/api/dnsv2/tutorial
|
|
When I first made this playbook, I was a little sceptical of -or-later
licenses. However, I've come around to the idea over time.
|
|
I may in the future introduce yaml config file templates, since this is a
relatively common format for configuring services. If I do so, I should ensure
that yamllint gets run on these too.
|
|
There are some checks that are enabled by default in yamllint, that are not
caught by default by ansible-lint. For instance, ansible-lint does not check
for line lengths in its default configuration. Therefore, we would like to
re-introduce yamllint to make sure we do not miss any checks.
|
|
ansible-lint uses yamllint under the hood, and also checks for many more
"logical" errors in the ansible config.
|
|
At present, the playbook simply ensures that all required packages are
installed.
|
